Understanding Short-Term Shock and Long-Term Recovery After Data Breaches

An abstract graphic of blue locked padlocks surrounding a larger red padlock with a broken handle, symbolizing a data breach.

February 17 , 2026 | By Rajiv Sabherwal

Share this via:

Who is this research for? General business leaders, technology executives, and data governance professionals responsible for managing digital trust, platform risk, and organizational responses to data breaches.

Executive Summary

This research from Rajiv Sabherwal at the Sam M. Walton College of Business, University of Arkansas (Department of Information Systems) examines how individuals react over time after experiencing a data breach. Using Facebook’s Cambridge Analytica breach as a real-world setting, the study compares confirmed breach victims with non-victims, tracking changes in trust, attitudes, and behavioral intentions across multiple time periods.

The findings suggest that actual breach victims exhibit stronger negative reactions than non-victims immediately after learning their data were compromised, including declines in trust and willingness to continue using the platform, as well as heightened feelings of violation and feeling as if a “psychological contract” with Facebook had been breached. However, these differences diminish over time, with attitudes converging back to those of non-victims within several months. Importantly, follow-up analyses indicate that this recovery does not necessarily reflect restored confidence or effectiveremediation. Instead, users’ continued engagement - often driven by high switching costs, platform dependence, and inertia - appears to play a central role in shaping longer-term attitudes. Together, the results suggest that the absence of sustained user backlash should be interpreted as a signal that consumer responses alone may fail to adequately discipline poor data governance practices.

Action Items for Industry

Expect intense short-term scrutiny—but don’t mistake fading reactions for restored trust: Initial negative responses from breach victims are real and meaningful, even if they are not permanently visible in usage or attitudes.
Recognize that user retention may mask underlying governance risk: Continued platform use after a data breach may reflect high switching costs rather than renewed confidence in the organization.
Treat data breaches as a governance and accountability issue, not just a reputational event: The findings show the absence of effect of anticipated customer punishment, implying that long-term risk management instead depends on internal controls and oversight.
Design crisis responses for credibility, not just containment: Transparent communication and demonstrable improvements to data security practices may matter more than short-term remediation efforts alone.
Reassess assumptions about market discipline in digital platforms: When users are locked in, leaders bear greater responsibility for proactive data protection and ethical data stewardship.

Quote from the Researcher

"Based on extensive analyses of the Facebook’s Cambridge Analytica scandal, we find that victims of data breaches initially experience greater negative reactions than non-victims — but not for long. Trust drops and feelings of violation spike, yet within six months, those effects largely disappear. This lack of long-term consumer response questions the role of post-breach compensation and suggests that regulation may be needed to better protect data.”

– Rajiv Sabherwal

Co-Authors & Affiliations

Frederic Schlackl — HEC Montréal
Florian Pethig — Tilburg University, Tilburg School of Economics and Management
Hartmut Höhle — University of Mannheim, Business School

Link to the Original Research

Accepted for publication in Information Systems Research, available here.

📩 Interested in learning more? If you’d like additional information about this research or to connect directly with the researchers, please email us at research@walton.uark.edu.

Rajiv Sabherwal is a Distinguished Professor and the Edwin & Karlee Bradberry Chair in the Department of Information Systems in the Sam M. Walton College of Business at University of Arkansas. He has published on the management, use and impacts of information technology and knowledge in Information Systems Research, MIS Quarterly, Management Science, Organization Science, Journal of Management Information Systems, Journal of AIS, Decision Sciences and other journals. He is a Fellow of IEEE, a Fellow of the Association of Information Systems and a Ph.D. from University of Pittsburgh.

https://walton.uark.edu/insights/posts/images/trucking_fuel_913x485_72dpi.jpg

Designing Driver Feedback Systems That Actually Improve Fuel Efficiency

This research examines how driver ranking systems can boost or reduce fuel efficiency depending on how that feedback is delivered, indicating the importance of feedback design and delivery for logistics leaders.

02/10/2026

https://walton.uark.edu/insights/posts/images/Arkansas_Business_Forecast_Lunch_913x485_72dpi.jpg

Highlights from the 2026 Business Forecast Luncheon

On January 30, the Sam M. Walton College of Business’s Center for Business & Economics Research hosted the 32nd Annual Business Forecast Luncheon, where presenters discussed what may be on the horizon for the global, national, and local economies in 2026.

02/06/2026

https://walton.uark.edu/insights/posts/images/neurodiversity_913x485_72dpi_v2.jpg

How Organizations Can Build More Effective Neurodiversity Hiring Programs

This research investigates why many neurodiversity hiring programs struggle to produce lasting, organization-wide impact, as well as how treating these initiatives as catalysts for broader workplace change — rather than stand-alone programs — may lead to more effective and sustainable outcomes.

02/03/2026

https://walton.uark.edu/insights/posts/images/apple_healthkit_913x485_72dpi.jpg

The Strategic Tradeoffs of Sharing User Data in Mobile Ecosystems

This study uses the rollout of Apple's HealthKit to analyze how data-sharing participation on mobile platforms shapes app innovation, competitive dynamics, and ultimately, user demand.

01/27/2026